Sustainability

EN | TH

Risk and Crisis Management

BDMS is committed to managing these challenges to ensure long-term and sustainable business operations,with a focus on the three key pillars of sustainability: Environmental, Social, and Governance (ESG). These elements are fundamental to addressing business challenges, driving sustainable growth, and reinforcing stakeholder and investor confidence across all groups.

BDMS has established a comprehensive risk management framework focusing on 3 key aspects to ensure business resilience and sustainability

Established a clear governance structure to ensure swift and efficient risk management in a timely manner.

Developed a comprehensive risk management process by integrating multidisciplinary personnel across its operations

Committed to fostering a strong safety culture among all stakeholders, including employees, healthcare professionals, patients, and partners, to minimize and prevent potential risks.

Risk Governance

The Company acknowledges the significance of risk management as an essential element of good corporate governance. Accordingly, the Company has defined clear roles and responsibilities for Enterprise Risk Management at both board oversight and operational levels. The Board of Directors has appointed the Risk Management Committee to scrutinize the Company’s risk management policy and directions, as well as to monitor and follow up the compliance of risk management policy and procedures. At the operational level, the Company follows the 'Three Lines of Defense' principle for risk management roles and responsibilities, as follows

Risk Governance Framework	Dedicated committee and roles	Roles and responsibilities
Board Oversight	Board of Director	Oversight the internal control system and inspect suitable risk management procedures. Establish an efficient internal control system and audit system for the purpose of audit as well as supervise the operation and coordinate with the Audit Committee.
Board Oversight	Risk Management Committee	Oversight the Company’s risk management policy and provide directions as well as to monitor and follow up the compliance of risk management policy and procedures. .
1^st Line of Defense	Front-line employees as risk owners such as Risk Manager, Patient Safety Coordinator	Plan and manage work in accordance with set guidelines and within budget framework. Collect data on high-severity risk incidents and complaints that may impact the company’s reputation. Coordinate with network hospitals, experts, and relevant stakeholders to convene meetings to review potential risks or incidents and determine facts within specified timelines, summarize key risk findings. Assess review and correlate with investigative evidence with relevant laws and regulations to plan preventive measures and corrections. Report to superiors in the chain of command.
2^nd Line of Defense	Chief Administrative Officer and Enterprise Risk Management Steering Committee	Evaluate all organizational risk areas within the BDMS domain, considering both internal and external factors. Prioritize those exposures to develop an effective risk management framework. Develop and promote risk management policies, plans, and guidelines organization wide. Organize regular meetings to monitor progress and resolve issues quarterly or more frequently as needed. Report progressive implementation to the Risk Management Committee and BDMS Policy and Strategy Planning Working Team quarterly.
3^rd Line of Defense	Internal Audit Director and Internal Audit Unit	Systematically monitor business practices, ensuring strict compliance with internal controls, legal disclosure requirements, and assessing risk management for the Company’s business and finances. Plan the Company's annual audit and internal audit activities. Review internal investigation evidence for suspected fraud, irregularities, or significant control system defects, and report findings to the Board of Directors for consideration. Ensure that the Company has established suitable risk management and control systems that encompass the entire organization, and suggest appropriate and efficient management of risks associated with the Company’s business operations.

For more details, please refer to

BDMS Risk Management Structure, Roles, Duties and Responsibilities in Risk Management

BDMS Risk Management Process

Comprehensive Risk Management for Sustainable Healthcare at BDMS

BDMS operates in line with the Risk Management Policy where the Board of Directors appoints the Enterprise Risk Management Steering Committee, comprising of independent representatives from relevant departments as members of the Committee. Their responsibilities are to review and screen the risk management policy and guidelines in business operation, starting from risk identification and assessment, guideline establishment and integrated management throughout every organizational activity. The risk management performance is quarterly reported to the Risk Management Committee. Simultaneously, any emerging risks related to medical service business in line with global trends, population structure and business operation technologies must also be assessed.   Furthermore, BDMS emphasizes proactive risk management approach as well as encourages the incident search procedure that may incur risks and prevent them from affecting any patients. Besides, BDMS promotes all employees, medical doctors, nurses, multidisciplinary professionals, including employees of the hospitals and of the business groups to collaboratively participate in quality activities to consistently improve medical treatment processes to deliver the utmost safety to all patients by taking into consideration the environmental, social and governance sustainability.  

In 2023, BDMS also emphasized the safety of surgical and obstetric patients to ensure the quality management and development of pregnant women and obstetric patients in line with the standards of the company groups while performing into consideration the utmost safety of all patients. Consequently, BDMS reconsider “BDMS Safe pregnancy and Delivery Working Committee” and appoint the OB and GYN Safety Working Team as“BDMS Safe pregnancy and Delivery OB and GYN Working Committee” with the responsibility to determine treatment guidelines for pregnant women and child delivery, obstetrics and gynecology, including improvement of quality, knowledge, capabilities and skills in patient care as well as improve the operating results for mother and newborns according to the international standards.

Effective risk management is key in support of long-term operation plan and the organization’s flexibility. Owing to current risks and potential risks in the future, BDMS realizes the significance of risk management and takes into consideration 3 aspects of sustainability: namely, environmental, social and governance (ESG). These three aspects are deemed crucial components of good corporate governance and a key mechanism of any decision making and operation plans to minimize business risks. The process also helps lessen obstacles and unpredictable factors in terms of profits and operation while building trust among investors and every stakeholder group.

BDMS Risk Management Strategy

BDMS integrates key information and essential aspects of corporate risk management to identify critical business risks while assessing their short, medium, and long-term impact.

BDMS Categorization of 9 Major Corporate Risks

1.Strategic Risk

Risks from misaligned corporate strategy, action plans, or improper implementation affecting revenue, funding, business performance, and continuity. BDMS mitigates this through market analysis, adaptive strategies, and continuous evaluation to ensure sustainable growth.

2.Financial Risk

Risks arising from financial and accounting management, including currency fluctuations, interest rates, liquidity issues, and other accounting risks. BDMS mitigates these risks through robust financial planning, risk assessments, and adaptive financial strategies to ensure stability and sustainable growth.

3.Clinical and Patient Safety Risk

Risks that may impact patient safety during medical services, diagnosis, and treatment processes. BDMS mitigates these risks through strict adherence to medical standards, continuous staff training, advanced technology integration, and rigorous quality control measures to ensure safe and effective patient care.

4.Operational, Nonclinical, Physical Hazard, Environmental, and Disaster Risk

Risks that may cause losses or adverse events unrelated to patient care, including environmental factors, equipment failures, and internal operational issues such as human errors, system malfunctions, and process failures. Additionally, external threats like natural disasters or unforeseen incidents pose potential disruptions. BDMS mitigates these risks through strict operational protocols, continuous staff training, risk assessments, and emergency preparedness plans, ensuring efficiency, safety, and business continuity.

5.Environmental, Social, and Governance (ESG) Risk

Risks arising from environmental, social, and governance (ESG) factors that may impact business operations and long-term corporate sustainability. BDMS mitigates these risks through sustainable resource management, ethical business practices, regulatory compliance, and proactive stakeholder engagement, ensuring resilience and responsible growth.

6.Human Capital Risk

Risks related to labor shortages, including recruitment challenges, employee retention, skills development, and compensation management. BDMS mitigates these risks through strategic workforce planning, competitive benefits, continuous training programs, and employee engagement initiatives to ensure a skilled, motivated, and sustainable workforce.

7.Legal and Regulatory Risk

Risks arising from non-compliance with regulations, procedures, rules, and policies, which may lead to legal, financial, or reputational damage. BDMS mitigates these risks through strict regulatory adherence, continuous monitoring, employee training, and robust governance frameworks to ensure compliance and corporate integrity.

8.Reputation Risk

Risks that may harm the corporate image, especially when negative information spreads through various communication channels, including protests, critiques, or public scrutiny. Such risks can lead to diminished customer trust, negative public perception, and loss of investor confidence. BDMS mitigates these risks through proactive communication strategies, strong stakeholder engagement, crisis management planning, and continuous brand reputation monitoring to uphold public trust and corporate credibility.

9.Technology Risk

Risks associated with the use of information technology in business operations, including threats to confidentiality, integrity, and availability (CIA) of data and systems. These risks may result from cyber threats, security vulnerabilities, and system failures, potentially disrupting business operations. BDMS mitigates these risks through robust cybersecurity measures, data protection policies, continuous system monitoring, and IT infrastructure enhancements to ensure secure and resilient digital operations.

Risk Management Processes

BDMS established Core System Risk Assessment and Hazard Vulnerability Analysis as guideline for risk management on clinical risks and risks related to core systems in hospitals. Risk management procedures are briefly described as followed.

1. Risk Identification

The department head and the committee responsible for critical systems are responsible for reviewing the working process, risks and factors from the occurrence or incidence report in the passing years, statistical indicators and experience from the external parties to determine potential impacts.

Risk factors are identified based on internal and external past events occurred. The data sources are obtained from updated in law and regulations, Occurrence report and Peer review

2. Risk Assessment are considered covering 2 factors

Likelihood assessment: assess potential and frequency of impact occurrence
Impact assessment: assess on quantity impact and quality impact in various aspects such as compliance to laws and regulations, safety, financial, strategic and operational and reputation

3. Risk Scoring and Risk Prioritization

Risk Scoring or Risk Prioritization are considered based on levels of likelihood and levels of impacts. Risk Scoring can be illustrated as 5 of risk levels with definitions with the maximum score at 25 points.

For more details, please refer to

Risk Treatment or Risk Mitigation

BDMS Commitment to Maintaining Resilience against Risks and Changes

BDMS Occurrence Reporting

BDMS sets forth the occurrence reporting system for employees and related internal and external personnel in case of any risks or incidents in the business operations. All personnel have the responsibility to manage such incident in a timely manner and must report the incident through the specified channels, both online and regular, within 8 hours after such incident takes place, with the aim of investigation and data analysis on the impact level. The impacts can be categorized in clinical aspects, including other aspects as follows:

Each impact level results in different internal investigation methods. The occurrence will be reported to the executives on a monthly and quarterly basis.

The risk appetite is at level Low to Medium only (Risk score below and equal to 0 is acceptable and depends on hospitals aspects).

For more details, please refer to

BDMS Risk Occurrence Reporting

Internal Emergency Procedures and Measures

BDMS Practices and Procedures in Emergency Situations

Audit of the risk management process

Internal Audit

The Audit Committee has roles and responsibilities, including ensuring that the Company has established suitable risk management and control systems that encompass the entire organization and suggesting appropriate and efficient management of risks associated with the Company’s business operations. Audit Committee has assigned the internal auditor team to set plan for the Company's annual audit. BDMS’s internal audit process is in accordance with International Professional Practices Framework (IPPF) by Institute of Internal Auditors. The internal audit plan covers reviewing the effectiveness of control, including IT reliance processes and non-IT reliance processes of hospital in BDMS groups and its subsidiaries. The project-based internal audit includes reviewing the effectiveness of the risk management process to assess control effectiveness and mitigation measures. The internal audit is conducted to check alignment of regulatory compliance and external relevant standards, such as regulatory requirements and international standards, such as IT Risk Management under ISO 27001, and requirements based on the Personal Data Protection Act 2012.

In 2024, the internal audit team conducted an assessment of the effectiveness of the control environment in several areas of BDMS’s operational modules. For example, in terms of non-IT-related modules, internal audits were performed to assess the appropriateness of controls in the maintenance process of medical equipment, budget management, revenue recognition, cash receipts, and cash disbursements in the Finance & Accounting department and Human Resource management. For IT-related modules, internal audits were conducted to ensure compliance with BDMS's Information Security Basic Requirements for the 17 actions taken covering information security management and data privacy management, as announced by the Information Security Management Committee (ISMC).

The internal audit process which cover risk management process are demonstrated below:

A diagram of a business process

AI-generated content may be incorrect., รูปภาพ

External Audit

BDMS's has engaged third-party auditors to assist with audit procedures on Risk Management process related to documented policies, procedure relevant to system/data access and the effectiveness of Information Technology operation systems and controls related to the Company’s information system and internal accounting control systems.

Risk Review

BDMS has disclosed two risk assessments based on the Company’s risk management procedures. The information contains risk descriptions, type of risks, potential impacts, risk appetite levels and mitigation action as described below.

Type of risks	Risk 1: Clinical Risk	Risk 2: Technology Risk
	Clinical and Patient Safety Risk- Diagnostic and Treatment Errors	Technology risks -Cyber Threat Risk Impacting IT Systems and Data Integrity
Description	As BDMS is engaged in hospital operations to provide medical services, patient surgeries, and other procedures, it is crucial for BDMS to rigorously manage and prevent any failures or misdiagnosis. Such failures could result in incorrect treatment.	BDMS relies on digital technology and data security as key drivers to deliver services and operate with quality, compliance, and consistency, ensuring relevance to the information security system. Shifting in company’s business operation towards digital service channels, inadequate security system and vulnerabilities in related hardware may increase exposure to cybersecurity risk, data security threats and potential data breaches. The company needs to ensure that the information system and servers hosting data are adequately protected and secured.
Risk Exposure	Clinical and Patient Safety Risk are classified as medium likelihood and extreme impact. In our ongoing commitment to delivering the highest standard of care, BDMS recognizes potential risks such as misdiagnosis and treatment errors. Misdiagnosis in Clinical Settings include cognitive errors on the part of clinicians, communication breakdowns among providers or between providers and patients, workflow and system issues in care processes, and technical limitations of diagnostic tools or technology.	IT and Cyber Security are classified as medium likelihood and high impact. BDMS recognizes potential risks that may increase relating to Cyber Threat Risk Impacting IT Systems and Data Integrity. Potential for attacks that may take advantage of vulnerabilities in firewalls, Wi-Fi, or network infrastructure. There are also concerns related to outdated software, application development challenges, and design considerations, as well as the use of weak passwords, insecure configurations, or shared accounts, which could lead to improper handling of sensitive data. -The potential risks associated with unauthorized access, including the possibility of brute-force attacks, credential stuffing, or the use of compromised login credentials. Threats that need to be considered, such as those posed by Man-in-the-Middle attacks, malware, or data exfiltration. The potential risks from external connectivity risks e.g, the use of cloud services, APIs, and third-party services. The potential risks from outdated hardware and network systems that may not receive security updates and Wi-Fi networks lacking sufficient encryption, which could increase the risk of data interception.
Impact	Misdiagnosis defined as the failure to establish an accurate, timely explanation of a patient’s health problem, is a major patient safety concern. Diagnosis errors may lead to sub-optimal care, significant patient harm, including permanent disability or death and erosion of the hospital’s reputation and stakeholder trust.	The risk associated with cyber-attacks, data security, and data leakage have emerged due to changes in BDMS's business model, which increase in services provided through digital channels. These changes may increase risk of vulnerabilities in data security systems, unauthorized access to data, and hardware that may not adequately support operational needs.
Risk Appetite	Incidence rate of diagnostic/treatment errors at severity level 4 and above per 100,000 Adjusted Average Daily Census: AADC*in range of 1.5 - 2.5 Cost of poor quality per core revenue in range of 0.2-0.5%	Group Security Score Overview of Register Website in range of 640 - 690 scores. (Healthcare Industry Range (690 – 770). Percentage of servers and end-of-support systems not-updated security patches as plan in range of more than 5%-10%. Percentage of staff passing cybersecurity training with a score ≥ 80%.in range of 75% - 90%. Percentage of employees who failed the phishing simulation test by entering data in range of 1%-5%.
Mitigation actions	Standardizing Clinical Practice Guidelines (CPGs) promotes consistent, evidence-based care and reduces unwarranted practice variation, thereby improving patient outcomes and safety. It also streamlines training and auditing, ensuring efficient resource utilization and stronger compliance with regulatory and accreditation standards. Enhance communication and teamwork in the diagnostic process by fostering a culture in which seeking second opinions or specialist consultations and establishing a dedicated network-support group that enables physicians to readily confer with colleagues and experts on patient management. Clinical Decision Support Systems (CDSS) integrated into Electronic Health Records) that provide clinicians with medical guidance at the point of care. Enhancements in Electronic Health Records (EHR) and health IT to support diagnostic accuracy, integration of diagnostic checklists and order sets into the EHR. Diagnostic data monitoring and feedback systems to identify potential diagnostic errors called “trigger tools” uses these tools to catch what humans might miss and to ensure no information is lost. Foster a Culture of Patient Safety example Situation Awareness and Speak Up program.	The Information Security Management committee monitor the risk and mitigations for cyber security. The committee reports into the executive committee and Enterprise risk management committee. To ensure effective risk management and alignment with our organizational strategy, we have established a data-governance policy and require all employees to complete mandatory annual cybersecurity training. To ensure comprehensive IT risk management, we have established a mitigation plan that includes: Enhanced Vulnerability Assessments: Increase the frequency and thoroughness of vulnerability checks across various systems, including assessments of devices in use to ensure they can still receive security patch updates. Comprehensive Awareness Training: Develop complete and appropriate training programs for operators at all levels, focusing on the risks associated with using unsecured Wi-Fi and accessing data from personal devices. Collaboration with Affiliated Companies: Work with affiliated companies to prepare reports on end-of-support servers, including devices that are not yet expired but cannot receive security patch updates. Additionally, create follow-up or backup plans for servers that cannot be maintained by external service providers. Implementation of Advanced Protection Technologies: Deploy advanced protection technologies, such as Endpoint Detection and Response (EDR) and Intrusion Detection Systems (IDS/IPS), to prevent and respond to real-time attacks. Third-Party Risk Management: Regularly audit and evaluate the security measures of external service providers to ensure effective cyber threat prevention. Regular Policy Review and Improvement: Conduct regular reviews and updates of the cybersecurity policy, including assessments of the organization’s ability to recover from cyber threats and other disasters. Testing and Refining Contingency and Disaster Recovery Plans: Regularly test and update the Cyber Threat Contingency Plan and Disaster Recovery Plan (DRP). Following each test, performance evaluation should be conducted and compared with actual incidents to identify gaps (Gap Analysis) and areas for improvement. In cases where existing plan proves ineffective during actual incidents, a plan reassessment (Revisit Plan) is necessary to ensure it can adequately address real-world scenarios.

*Accumulated Average Daily Census (AADC)

Risk Culture

Regular risk management education for all non-executive directors

In 2025, BDMS Board of directors has attended on Risk Management Program for Corporate Leadership program arranged by a third party expert in risk management. The program is designed for Board of Directors, Enterprise Risk Management Committee, Sustainability Development Committee, BDMS group CEOs, and Hospital Directors. The course intends to raise understanding of their roles in overseeing different types of risks which also include risks arising from opportunity management and business crises. The program reflects through the perspectives of corporate leaders who are responsible for supervising and monitoring the work of executives who directly manage the risks. The training agenda includes;

COSO ERM Framework 2025 Healthcare Outlook,
Key Risk Landscape,
Benchmarking and relevant measures and AI in healthcare: Enabler & Disruptor.

Integration of Risk Culture across organization on risk management principles

BDMS fosters a culture of accountability and proactive risk management, empowering employees to identify and address risks in alignment with the company's objectives. Several trainings and activities to increase the awareness for risk management are provided to employees as follow:

Safety Culture

BDMS Enterprise Risk Establishment Workshop

BDMS Quality Management in collaboration with Deloitte Touche Tohmatsu Jaiyos Co., Ltd., organized the BDMS Enterprise Risk Establishment Workshop with participation from over 120 attendees. The workshop’s primary target group included senior executives—Chief Executive Officers from all hospital groups and business units—as well as leaders responsible for each risk domain. The session covered seven key risk domains, namely: Strategic Risk, Financial Risk, Clinical and Patient Safety Risk, Non-Clinical / Operational Risk, Human Capital Risk, Legal / Regulatory / Reputation Risk and Technology Risk. The objective was to collectively identify BDMS’s enterprise-wide risks, prioritize them based on impact and likelihood, review current control measures, and develop appropriate mitigation plans along with defining Key Risk Indicators (KRIs) to enable effective monitoring and follow-up. This initiative reflects BDMS’s commitment to embedding comprehensive risk management across all levels of the organization, strengthening operational resilience, and reinforcing its foundation for sustainable healthcare excellence.

Enterprise Risk Management Training

On Tuesday, February 25, 2025, the Medical Quality Department of Bangkok Dusit Medical Services Public Company Limited (BDMS) organized a training session on Enterprise Risk Management (ERM) for employees at all levels across the organization. The objective was to enhance understanding of the corporate risk policy framework and increase awareness of BDMS’s key risk areas across various domains. The training was conducted online and was attended by over 1,000 employees from hospitals across the BDMS network.

This initiative reflects BDMS’s commitment to fostering a risk-aware culture, empowering staff with the knowledge to support proactive and effective risk management organization-wide.

BDMS Information Security Awareness Training 2025

BDMS is committed to fostering a culture of awareness and promoting a clear understanding of information security and responsible use of information technology across the organization. To support this objective, BDMS launched the BDMS Information Security Awareness Training 2025, targeting all employees from executive level to operational staff across the BDMS network. Executives and employees can register for the course through the BDMS People Connect system under Course ID 30484, which includes two key modules: Information Security and Information Privacy. Participants are encouraged to complete the training and knowledge assessment during the period of February 7 to March 7, 2025. This initiative reinforces BDMS’s commitment to safeguarding digital assets and ensuring data protection practices are consistently applied throughout the organization.

Mandatory risk management training

BDMS has implemented a policy to establish risk management training as mandatory for all employees. BDMS recognizes that the risk of clinical lawsuits is often attributed to miscommunication between healthcare providers and patients. Mandatory trainings that the doctors and dentists are required to attend. The BDMS Mandatory Courses with a total of 5 courses as follows:

BDMS Bylaws
Code of Behavior
Informed Consent
Legal Issues in Insured Patient Administration for Physicians
BDMS PDPA Awareness Training for BDMS Physicians

These courses encompass the Code of Conduct and good practices for doctors and dentists, including PDPA, informed consent, and other relevant laws to ensure doctors’ awareness of insured patients as well as to communicate and foster an understanding of correct medical practices which shall be in line with BDMS Bylaws. These 5 courses are mandatory courses for all BDMS doctors and dentists to attend via the BDMS MSO Training. In 2024, BDMS mandates 100% completion of online mandatory training for all doctors and dentists.

Risk Management Process in BDMS New Product and Service Development Process

BDMS evaluates and assesses the potential risks and issues in the new product and service development process using Failure Mode and Effects Analysis (FMEA). The analysis commences from the fundamental of the process operated by the personnel in related fields. The representatives of Quality Centre are responsible for efficiently analyzing the potential defaults and impact as well as monitoring the outcome for at least 4 consecutive months. The report must be quarterly submitted to the related Committee with the following steps:

Financial incentives which incorporate risk management metrics

BDMS has integrated risk management metrics into employees' performance evaluations, extending from operational staff to executive leadership. This strategic integration ensures that risk awareness and mitigation efforts permeate throughout the organization. The KPIs for CEO and Hospital Directors is relied on Risk Management. The financial incentive is provided to Executives in relation to achievement of risk performance indicators, including Cost of Poor Quality, Achievement of Sentinel Event Management, and Achievement of Utilization Management (UM) Indicators.

Emerging Risks

A. Emerging risks of AI and Medical Technology Transition in Healthcare sector

Thailand is experiencing a transformative digital transition, driven by an upcoming development plan that prominently features the implementation of Artificial Intelligence (AI) in business operations. The Thai government has announced plans to promote the use of artificial intelligence across targeted industries since 2022. This initiative will be guided by the (Draft) Thailand National AI Strategy and Action Plan, which spans a period of six years from 2022 to 2027. The (Draft) plan is designed to focus on three key objectives:

(1) building human capacity and advancing technology

(2) fostering economic growth

(3) generating positive social and environmental impacts.

The plan is focused on sectors that demand high levels of expertise or advanced skills, such as the medical and healthcare industry. The government's support plan includes measures such as ensuring readiness of AI application in ethical, legal, and regulatory aspects, developing a robust national infrastructure for AI development, upgrading the skills of the workforce to meet future demand, and promoting the use of AI in economic sectors to drive innovation and competitiveness. It also includes consideration of tax exemptions through the Board of Investment (BOI) for companies that invest in the scientific research in AI/Digital Technology, AI Talent development and AI Skills, the Future of Work and inclusion and Social Well-Being (Social innovation).

As the demand for AI specialists grows to support this upcoming development plan, Thai companies increasingly need to evolve their career development programs in response to the transformation of the industrial structure brought about by the integration of AI technology.

Significant potential impacts

BDMS as a targeted industry group (Medical and healthcare sector) of the (Draft) Thailand National AI Strategy and Action Plan. A lack of alignment with the national AI strategy within 3 years may lead to ability to keep up industry developments in innovation, shortage in advanced skilled workers proficient in AI, and unprepared in AI governance may involve errors and misuse in AI applications for data analysis. The significant impacts include;

Ability to keep up industry developments in innovation

The reluctance to adopt AI in operation may result in lagging behind peers, with less efficient diagnostics processes. Failure to implement AI technology in medical surgeries and treatments such as Teleradiology for chest x-ray could lead to loss in market share of Teleradiology that can generate revenue with estimation of 27.5 million Baht. Misalignment of adoption in AI leads to missing out on tax incentives for AI skill development increasing operational expenses. In addition, legal challenges and damage to reputation may arise from non-compliance with future AI regulations within 3-5 years, while ethical missteps in AI use could diminish patient trust.

Shortage in advanced skilled workers proficient in AI

As AI adoption in healthcare continues to grow, particularly in scenario where AI is integrated in data analysis and the enhancement of patient treatments, the Company may face a shortage of skilled talents proficient in AI implementation of healthcare diagnosis and/or treatment. To address this, the Company should manage its recruitment strategy to attract AI-skilled professionals while also investing in upskilling employees to build internal capabilities and integrate AI innovation into their knowledge base.

Errors and misuse in AI applications for data analysis

As AI has played a role in data analysis, there may be occasional challenges related to its application or interpretation by the responsible team. These challenges could affect the accuracy of insights derived from data. The Company needs to continue strengthening its governance structure to ensure the responsible use of AI and promote data management and analysis in the alignment with BDMS’s strategic objectives, integrity and ethical standards.

Mitigating Actions

BDMS is aware of the AI technology transition. To mitigate these risks, BDMS has integrated the AI Journey for Healthcare Services operations by taking several proactive steps:

1. Skill enhancement in AI technology

The BDMS Human Resource Department is proactively addressing the upcoming need for workforce skills to prepare and support specialized expertise in AI technology, particularly in medical and operational workflows. The department is continuously engaging with relevant teams to identify the necessary skills for recruitment and development plans for BDMS employees. To support AI readiness among BDMS employees, the following development and encouragement programs have been established:

“The impacts of AI” Training Program: In response to the current rapidly changing landscape in technology and artificial intelligence (AI), BDMS has organized the specialized training program “The Impacts of AI” in a hybrid format for employees at all levels, achieving 100% participation. This program aims to raise awareness and enhance employees’ understanding of artificial intelligence technology and modern management knowledge. It aligns with the organization’s strategy and direction to be applied in everyday operations, ultimately increasing work efficiency and reducing waiting times. Additionally, it provides skills for innovative leadership and the pursuit of opportunities to create a competitive advantage in business.
BDMS Innovation Group Contest: BDMS encourages employee for skill enhancement in AI technology through the establishment of BDMS Innovation Group Contest an innovation competition platform within the business group of BDMS, comprising a total of 8 categories from 8 BDMS’s business networks. The objective is to promote and innovative ideas within the BDMS network while providing opportunities for personnel and various departments to integrate knowledge and experience, showcasing their innovative potential and guiding the organization’s development in new dimensions to meet the changing demands of the world. Some innovative ideas are created by BDMS employees with AI implementation such as “Health Up” A Multifunction App for escorting patients along their journey e.g., appointment, health history record and payment. Other applications include “NPI Bed”, a patient bed with a pressure ulcer prevention system and “Bambily”, acontactless, continuous Temperature Monitoring Solution for Inpatients. These innovation based on AI implementation can be utilized in upfront operations and inpatient departments to improve and enhance customer experiencesand promote environmental stewardship for BDMS sustainable business practices. In addition to fostering creativity, this activity builds relationships and cooperation networks among the network groups and its subsidiaries, emphasizing the exchange of knowledge and information related to innovation.
Data management training AI implementation: BDMS has implemented training programs for employees in data analysis modules that incorporate AI principles. These programs aim to enhance understanding of
- AI concepts and ensure that any errors, misuse, or misleading information are detected and addressed effectively.
- Innovation Development through Effective AI & Data Management,
- How to use data as a tool for empowerment,
- Leveraging AI for Innovation Development and Utilizing Data Analytics Tools for Innovation Creation.

2. Medical AI application and collaboration:

BDMS invested in Thai Healthtech entrepreneurs, leading start up in medical AI developer of Medical Large Language Models (Medical LLMs). The initiative is set to elevate Thailand's medical capabilities by integrating AI to enhance the interpretation and analysis of laboratory tests. This AI technology will act as solution for disease screening and diagnosis, data analysis for service improvement, technology for work process reduction, technology for timely health monitoring, and technology for sustainable medical services.
In 2023, BDMS invested over 1.5 billion THB in Serie A level investment in Thai startup companies. This investment led to the successful launch of several projects, such as the Perceptra Project to uses AI to read x-ray results for medical radiologists, OOCA application that was developed for use in online consultations with psychiatrists and psychologists,“BeDee” application, providing Tele-health, Tele-pharmacy, Tele-medicine service, medical supplies (Health Mall), health knowledge through curated Health content.

3. BDMS AI Use Cases:

AI Symptom checker: BDMS has launched an AI Symptom Checker through an AI Chatbot named "Ally," which enables patients to perform self-assessments of their symptoms. This AI-driven solution allows BDMS to streamline the traditionally time-consuming process of symptom checking. Additionally, it aids in the consolidation of patient data for the development of subsequent medical plans.
BDMS Digital Front Door: In its mission to become a smart hospital, BDMS has implemented AI technology in its smart front door registration and queuing system. Patients at BDMS can utilize the digital front door for self-registration, queuing, and insurance management. The AI generates medical history analyses, which help patients significantly reduce the time spent on these processes by 50% compared to traditional methods, while also minimizing risk from human errors. Additionally, the AI offers benefits to BDMS by reducing paper usage and lessening the workload of medical personnel.
BDMS Teleradiology: BDMS employs an AI platform called "Inspectra CXR" to enhance the efficiency of chest X-ray diagnoses. This solution guarantees high performance and accurate diagnoses, with each case taking less than 1 minute to diagnose, compared to the average time of 16.56 minutes per case by radiologists. The solution is designed to reduce the workload of medical personnel by 70% and deliver accurate results through an abnormality score and heatmap. It also aims to reduce the average reading time per case by 50%, thereby speeding up the medical decision-making process and accelerating the turnaround time for checkup reports by up to 10 times.
BDMS AI Lab Interpretation: BDMS has utilized AI for the interpretation of health check-up data. This solution is designed to enhance the patient experience by providing automated health check-up data interpretation through infographics.
AI interpretation: BDMS has introduced an AI-powered interpretation chatbot to bridge the language barrier gap. This solution is set to enhance the efficiency of interpretation services by integrating with 14 workflows of the checkup process.
BDMS Automated Speech Recognition: The use of AI with voice recognition to automate English and Thai voice recognition for medical record. This advancement allows BDMS to reduce errors in medical documentation.
Happy Bot: BDMS has deployed robots to handle the distribution of medication within the hospital. This will increase efficiency, reduce human error, and also minimize the risk of hospital-acquired infections as robots can operate with minimal human interaction. Upskill resource in AI and medical technology adoption “Generative AI Hybrid Learning 2023 of Phyathai Hospital Group and Paolo Hospital Group.In 2023, BDMS develop a comprehensive internal training program called “Generative AI Hybrid Learning 2023” to directors , managers and all staffs. The program focused on the use of AI and its applications in healthcare. This program should aim to upskill existing employees and attract new talent with AI expertise and contribute to the operation efficiency and cost effectiveness. By fostering a culture of continuous learning and innovation, the company can build a workforce that is well-equipped to handle AI technologies and adapt to future advancements.
In 2024, BDMS achieved the SET Awards 2024 in the Business Excellence category for Best Innovative Company Awards by the Stock Exchange of Thailand. BDMS was recognized for its innovative artificial intelligence (AI) chest screening technology, designed to minimize the workload of radiologists and increase opportunities for early disease detection to ensure prompt medical treatment. BDMS, together with the innovation partners, is capable of developing innovations that contribute to national sustainability. The artificial intelligence (AI)-based disease screening innovation is the outcome of a collaboration between the Faculty of Medicine Siriraj Hospital, Mahidol University, Perceptra Co., Ltd., a Thai Startup, and the National Competitiveness Enhancement Fund (NCEF). The project aims to develop an AI system for screening chest diseases, with BDMS providing research facilities to test and apply the technology while improving workflows to align with the practical operational context in hospitals. The AI system can diagnose up to 8 types of lung conditions and has an accuracy rate of 96% in detecting abnormalities. This has resulted in a 40% reduction in radiologists’ workload. The AI system has already processed over 4 million images and is being applied in 90 hospitals nationwide, including 15 hospitals within the BDMS network.

4. Information Security Governance, including AI

BDMS has updated the Company Information Security Governance structure and system to ensure full implementation and effectiveness of the information security framework, which encompasses cybersecurity, data privacy, and AI implementation. The Company has defined clear roles and responsibilities for the responsible team to ensure that the systems are secure and capable of detecting any cyber threats. In terms of AI implementation, the Company ensures that the dataset is properly managed and compliant with relevant regulations. Furthermore, To ensure ethical and responsible AI implementation, the company has established frameworks, including guidelines for the Ethical Use of AI Technology. Conducting AI Impact and Risk Assessments to evaluate potential security risks to personal data and user rights. An AI Ethics Governance Board is established to oversee AI development and usage, ensuring continuous monitoring of AI systems. BDMS integrates AI-related risks into its overall IT risk management framework, emphasizing system resilience, service continuity, and business impact analysis in accordance with ISO/IEC 27001 and COBIT 5 principles. A formal Change Management Process is enforced for any AI system deployment, requiring risk evaluation, security review, and approval from designated IT and clinical governance committees. System and network controls are in place to restrict unauthorized access to AI models and training data, while audit trails and log management ensure traceability and accountability. AI solutions must also undergo post-deployment performance monitoring and be subject to regular internal audits.

B. Supplier risks from regulatory pressure and geopolitical tensions may impact healthcare operations

The healthcare industry in Thailand increasingly relies on importing medical equipment, supplies, and pharmaceuticals from around the globe to ensure the continuity of treatment systems in compliance with national laws, regulations, and medical standards. This reliance on third-party suppliers poses significant long-term challenge for healthcare organizations. The update in global regulation and escalating geopolitical tension has introduced disruptions in the supply chain, potentially leading to shortages of essential medical resources. BDMS recognizes emerging risks that may arise in following perspectives;

Changes in global regulations

Changes in global regulations, driven by increasing pressure from stakeholders such as customers and investors, influencing of organizations to place greater emphasis on environmental, social, and sustainability within the supply chains, These include requirements for eliminating forced or child labor, promoting non-discrimination, and achieving greenhouse gas emissions reductions within set timeframes. This may put pressure to suppliers in compliance with these stricter requirements.

For instance, Germany has enacted the German Supply Chain Due Diligence Act, which requires businesses to analyze and verify their suppliers/partners' production processes for legal compliance. If human rights or environmental violations are suspected or detected, companies must reassess their suppliers/business to prevent human rights abuses and environmental damage worldwide. Additionally, the United States has issued an Executive Order (EO) on supply chain resilience, aiming to strengthen and increase the long-term resilience of supply chains. Reshoring or nearshoring some types of production is part of a strategy to reduce production and transportation costs, as well as reduce greenhouse gas emissions, create local jobs, and increase control over their own supply chains. Additionally, the U.S. Uyghur Forced Labor Prevention Act (UFLPA) mandates that suppliers who supplies product to the U.S. are required to complied with updated requirements to ensure that their production processes are free from forced labor.

Current situation in global geopolitical crises

The recent announcement by the United States regarding the increased tariffs on all imported goods, effective from early 2025, poses significant uncertainty for companies that import and supply products from international markets. Uncertainty surrounding tariff rates could elevate the procurement costs for imported medical equipment and supplies.

Significant potential impacts

BDMS’s tier-1 suppliers, key distributors of medical equipment, supplies, and medicines in Thailand, source product globally from regions, such as the U.S., Europe, and Japan. However, these suppliers encounter substantial challenges arising from uncertainties related to U.S. tariffs and evolving global regulations. Tariff fluctuations may result in increased procurement costs for imported medical equipment and supplies. As BDMS is one of the largest healthcare service providers in Thailand, the emerging risks are likely to be transferred to us, directly affecting the company's operational expenses.

Additionally, changes in regulations may cause delivery delays, particularly for BDMS's non tier-1 suppliers involved in medical supply manufacturing and global exporting. Non-tier-1 suppliers may encounter difficulties adapting swiftly to the complexities of new regulatory requirements due to limited familiarity or capacity, potentially delaying their ability to deliver supplies on schedule. Such delays could cascade through BDMS’s supply chain, adversely affecting the performance of tier-1 suppliers and ultimately compromising BDMS’s operational efficiency, patient care standards, and trust among patients.

Mitigating Actions

To manage risks and enhance supply chain management processes, the Company has implemented comprehensive supply chain planning and enterprise risk assessments, along with clearly defined supply chain risk management strategies. The BDMS procurement team continuously monitors the situation and plans to diversify its ordering strategy to reduce dependence on a single distributor.

The Company has also established guidelines for developing sustainable products throughout the supply chain and seeks business partnerships to reduce risks, including promoting the use of local suppliers to reduce reliance on imports, such as switching from original to generic drugs and locally produced pharmaceuticals. This includes assessment according to medical service standards, focusing on equal quality control, enhancing production capacity, and balancing the reduction of environmental impact and greenhouse gas emissions through improvements and management of the production lines of relevant business units. The Company also supports the use of labor and technology in Thailand to enhance domestic production capacity, which contributes to the efficient delivery of services to patients. All of these actions will strengthen the supply chain of products essential to the organization's business, as well as the security of the country and the health and well-being of the Thai people and the world in the future. Furthermore, BDMS has established a structured supplier pre-qualification system to assess and ensure that strategic partners meet the company’s green procurement criteria. As part of this process, suppliers are required to complete an ESG-focused evaluation, covering environmental performance, sustainable sourcing, and regulatory compliance. These evaluations serve as a baseline for supplier selection, engagement, and continuous improvement in alignment with BDMS responsible supply chain strategy.

Additionally, the Company is committed to ensuring the readiness of medical equipment through strict maintenance protocols and regular inspections. A proactive approach to inventory management will be adopted, including the establishment of safety stock levels for critical medical supplies to prepare for unusual situations.

Furthermore, BDMS will engage in strategic partnerships with multiple suppliers to create a more resilient supply chain, enabling quicker responses to disruptions. Training programs for staff on risk awareness and contingency planning will also be implemented to ensure that the team is well-prepared to handle unexpected challenges. Regular reviews of supplier performance and risk assessments will be conducted to identify potential vulnerabilities and develop appropriate mitigation strategies.